package com.moefor.clover.init.config;
import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.*;
import org.springframework.security.access.vote.*;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.expression.WebExpressionVoter;

import com.moefor.clover.service.SecurityUserService;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	@Autowired
	private SecurityUserService userDetailsService;
	
	@Override
	public void configure(WebSecurity web) throws Exception {
		// 设置不拦截规则
		web.ignoring().antMatchers("/favicon.ico", "/home.page", "/", "/sign.page", "/allsale.page" , "/item.page" , "/res/**", "/data/**", "/common/**");
	}
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests().accessDecisionManager(accessDecisionManager())
		.antMatchers("/**").hasRole("USER");
		http.logout().logoutUrl("/user/signout.do").invalidateHttpSession(true);
		http.sessionManagement().sessionFixation().migrateSession().maximumSessions(1).expiredUrl("/sign.page#signin");
		//http.sessionManagement().maximumSessions(1).maxSessionsPreventsLogin(true);
		
		http.formLogin().loginPage("/sign.page#signin");
		http.headers().frameOptions().sameOrigin();
		http.csrf().disable();
	}
	
	@Bean(name = "accessDecisionManager")
	public AccessDecisionManager accessDecisionManager() {
		List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<AccessDecisionVoter<? extends Object>>();
		decisionVoters.add(new AuthenticatedVoter());
		decisionVoters.add(new RoleVoter());
		decisionVoters.add(new WebExpressionVoter());
		AffirmativeBased accessDecisionManager = new AffirmativeBased(decisionVoters);
		return accessDecisionManager;
	}
	
	@Bean(name = "authenticationManager")
	public AuthenticationManager getAuthenticationManager(){
		try {
			return authenticationManager();
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		return null;
	}
	
	@Override
	protected void configure(AuthenticationManagerBuilder auth)throws Exception {
		// 自定义UserDetailsService
		auth.userDetailsService(userDetailsService).passwordEncoder(new Md5PasswordEncoder());
	}
}
